Introduction
This mini-case study provides an overview of how CTI successfully partnered with Blue Cross Consortium Health Plans (CHP) to design and deploy a Ping Identity product-based solution to provide business-critical B2B integration.
This allowed for secure, Web-based single sign-on between organizations, enhanced website security, reduced identity management expense and an enhanced user experience at the portal level. For more information on CTI, please see www.cti-global.com.
Customer Profile
Consortium Health Plans (CHP) was formed in 1994 to help its founding Blue Cross Blue Shield Plans position the Blue System as the carrier of choice for national accounts. It is a national coalition of 21 leading BlueCross BlueShield (BCBS) Plans providing a clear and unified voice, as well as effective central coordination, for the Blue System among national accounts and the consultants and brokers who serve them.
More specifically, CHP is a service provider to sales and marketing personnel seeking analytics, logistics, demographic information and pricing data of competing BCBS companies. Its 4,000 active users currently log into a Virtual Private Network (VPN), BluesNet, to access the non-public site and maintain a separate userid and password for authentication and access.
Their site, named MarketQuest, is the portal to access information, spreadsheets and reports. It uses content management software called Aqualogic, a proprietary portal building tool that offers web application functionality including user authentication and authorization, user preferences, analytics, session management and administration.
Customer Needs
CHP has embarked on a strategy to implement a federation solution to dramatically improve the user experience, enhance security, reduce costs, and most importantly position itself for bring-your-own-device (BYOD) and cloud future requirements.
CHP requirements included:
- Use federation technologies to protect the current intranet site as a public internet site, thereby increasing accessibility across locations and devices.
- Seamless single sign-on to federated BCBS Plans.
- Secure and reliable integration to the current Aqualogic user management functionality including proper session management of both federated and non-federated users.
- Identity provider (IDP) mapping functionality required to properly redirect the user to the correct BCBS if they directly access MarketQuest.
- User validation functionality to determine internal (CHP administrators) versus external (BCBS users).
- Accurate userid mapping assuring proper user correlation with the BCBS identity provider (IDP).
- Consistent session management for both federated and non-federated users.
- BCBS onboarding pilot of 3 to 5 federation-ready BCBS Plans.
- Thorough and comprehensive implementation and transition documentation.
Solution Provided by CTI
The PingFederate product solution is the industry-leading federation gateway / hub, used to facilitate federation and to enforce standards and security protocols. It reliably and securely protects internal resources, websites and user identities by utilizing the industry standards for federation and federated identity management.
It offers Web single sign-on between business partners by converting internal security tokens (Kerberos, cookies, etc.) into federation security tokens (SAML, WS-Fed). It serves as a token translator and easily integrates with most industry standard Web Access management tools (WAM) via out-of-the-box adaptors.
New features for BYOD and cloud initiatives include OAuth and OpenID Connect for mobile technology, SCIM for user synchronization across enterprises, PingOne cloud portal for easy and rapidly deployed cloud federation and PingAccess reverse proxy for SaaS and API authorization.
CTI partnered with Ping Identity to help CHP plan for the controlled introduction of PingFederate and provided hands-on engineering services to successfully implement the product. CTI also provided CHP with ongoing support during the BCBS cutover period.
During Phase 1 of the project, CTI provided CHP with specialized professional services during several important stages, including:
- Requirements Analysis and Design.
- Installation and configuration of PingFederate in 3 environments (Test, Quality Assurance and Production).
- Custom development of an IDP redirector to route the user to the correct BCBS when they access MarketQuest directly.
- A custom login page for federated users for consistency between federated and non-federated users.
- PingFederate adapter development and Aqualogic customizations for the PingFederate SSO provider integration.
- Custom development for session management.
- Pilot partner federation with BlueCross BlueShield of Michigan.
- Complete documentation including transition, configuration and integration patterns.
Benefits to Customer
The solutions implemented and supported by CTI Professional Services resulted in an excellent return on investment (ROI) and many specific benefits to CHP, including:
- Internet availability of MarketQuest (MQ) with ubiquitous access for their users: Plan members can access MQ from office PCs and mobile devices, from any Internet-accessible endpoint (meeting SSL requirements).
- Seamless single sign-on for users accessing MQ from partner BlueCross BlueShield sites.
- Simplified and less costly user provisioning/deprovisioning with user management delegated to the BlueCross BlueShield identity provider sites.
- Enhanced security and better access control with federated BlueCross partners.
- Reduced BluesNet fees: Currently CHP pays for each byte of data it sends across BluesNet. Federation from the public Internet will allow CHP to streamline and manage costs to transmit large reports to Plans via fixed-rate broadband connectors.
- Increased portal performance: MQ via the Internet facilitates less congestion on data transfers via CHP’s public broadband service, as opposed to a significantly smaller BluesNet connection.
Conclusion
With its 15+ years of experience, CTI is a reliable and experienced professional services company with federation and single-sign-on solution specialization. CTI continues in 2019 to successfully assist CHP in meeting its needs for improving its user management, web security and user portal experience / performance. CHP is reaping the benefits of this unique Ping Identity product line and CTI’s services and expertise.
More importantly, Ping federation solutions position CHP for future mobile, BYOD and secure SaaS requirements to partners. Ping Identity, combined with CTI expert-level professional services, has provided CHP with an excellent return on investment.